fix: accessing the cluster resource with the wrong address

TomatoAres · Feb 13, 2020 · b18be8d · b18be8d
1 parent 41f29d8
commit b18be8d
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 23 deletions.
diff --git a/cmd/tke-installer/app/installer/installer.go b/cmd/tke-installer/app/installer/installer.go
@@ -2150,12 +2150,12 @@ func (t *TKE) execHook(filename string) error {
 }
 
 func (t *TKE) getKubeconfig() (*api.Config, error) {
- addr, err := platformutil.ClusterV1Address(&t.Cluster.Cluster)
+ host, err := platformutil.ClusterV1Host(&t.Cluster.Cluster)
  if err != nil {
  return nil, err
  }
 
- return kubeconfig.CreateWithToken(addr,
+ return kubeconfig.CreateWithToken(host,
  t.Cluster.Name,
  "admin",
  t.Cluster.ClusterCredential.CACert,

diff --git a/pkg/platform/util/client.go b/pkg/platform/util/client.go
@@ -226,7 +226,7 @@ func BuildTransport(credential *platform.ClusterCredential) (http.RoundTripper,
 
 // GetRestConfig returns rest config according to cluster
 func GetRestConfig(cluster *platformv1.Cluster, credential *platformv1.ClusterCredential) (*restclient.Config, error) {
- address, err := ClusterV1Address(cluster)
+ host, err := ClusterV1Host(cluster)
  if err != nil {
  return nil, err
  }
@@ -235,12 +235,12 @@ func GetRestConfig(cluster *platformv1.Cluster, credential *platformv1.ClusterCr
 
  if credential.CACert == nil {
  config.Clusters[contextName] = &api.Cluster{
- Server: address,
+ Server: fmt.Sprintf("https://%s", host),
  InsecureSkipTLSVerify: true,
  }
  } else {
  config.Clusters[contextName] = &api.Cluster{
- Server: address,
+ Server: fmt.Sprintf("https://%s", host),
  CertificateAuthorityData: credential.CACert,
  }
  }
@@ -396,7 +396,7 @@ func BuildClientSet(cluster *platform.Cluster, credential *platform.ClusterCrede
  if cluster.Status.Locked != nil && *cluster.Status.Locked {
  return nil, fmt.Errorf("cluster %s has been locked", cluster.ObjectMeta.Name)
  }
- address, err := ClusterAddress(cluster)
+ host, err := ClusterHost(cluster)
  if err != nil {
  return nil, err
  }
@@ -405,12 +405,12 @@ func BuildClientSet(cluster *platform.Cluster, credential *platform.ClusterCrede
 
  if credential.CACert == nil {
  config.Clusters[contextName] = &api.Cluster{
- Server: address,
+ Server: fmt.Sprintf("https://%s", host),
  InsecureSkipTLSVerify: true,
  }
  } else {
  config.Clusters[contextName] = &api.Cluster{
- Server: address,
+ Server: fmt.Sprintf("https://%s", host),
  CertificateAuthorityData: credential.CACert,
  }
  }
@@ -443,8 +443,8 @@ func BuildClientSet(cluster *platform.Cluster, credential *platform.ClusterCrede
  return kubernetes.NewForConfig(restConfig)
 }
 
-// ClusterAddress returns the cluster address.
-func ClusterAddress(cluster *platform.Cluster) (string, error) {
+// ClusterHost returns host and port for kube-apiserver of cluster.
+func ClusterHost(cluster *platform.Cluster) (string, error) {
  addrs := make(map[platform.AddressType][]platform.ClusterAddress)
  for _, one := range cluster.Status.Addresses {
  addrs[one.Type] = append(addrs[one.Type], one)
@@ -469,17 +469,17 @@ func ClusterAddress(cluster *platform.Cluster) (string, error) {
  return "", pkgerrors.New("no valid address for the cluster")
  }
 
- return fmt.Sprintf("https://%s:%d", address.Host, address.Port), nil
+ return fmt.Sprintf("%s:%d", address.Host, address.Port), nil
 }
 
-// ClusterV1Address returns the cluster address.
-func ClusterV1Address(c *platformv1.Cluster) (string, error) {
+// ClusterV1Host returns host and port for kube-apiserver of versioned cluster resource.
+func ClusterV1Host(c *platformv1.Cluster) (string, error) {
  var cluster platform.Cluster
  err := platformv1.Convert_v1_Cluster_To_platform_Cluster(c, &cluster, nil)
  if err != nil {
  return "", pkgerrors.Wrap(err, "Convert_v1_Cluster_To_platform_Cluster errror")
  }
- return ClusterAddress(&cluster)
+ return ClusterHost(&cluster)
 }
 
 // rootCertPool returns nil if caData is empty. When passed along, this will mean "use system CAs".

diff --git a/pkg/platform/util/location.go b/pkg/platform/util/location.go
@@ -21,9 +21,10 @@ package util
 import (
  "context"
  "fmt"
- "k8s.io/apimachinery/pkg/fields"
  "net/http"
  "net/url"
+
+ "k8s.io/apimachinery/pkg/fields"
  platformv1 "tkestack.io/tke/api/client/clientset/versioned/typed/platform/v1"
  v1 "tkestack.io/tke/api/platform/v1"
  "tkestack.io/tke/pkg/apiserver/authentication"
@@ -65,7 +66,7 @@ func APIServerLocationByCluster(ctx context.Context, cluster *platform.Cluster,
  if err != nil {
  return nil, nil, "", errors.NewInternalError(err)
  }
- address, err := ClusterAddress(cluster)
+ host, err := ClusterHost(cluster)
  if err != nil {
  return nil, nil, "", errors.NewInternalError(err)
  }
@@ -78,7 +79,7 @@ func APIServerLocationByCluster(ctx context.Context, cluster *platform.Cluster,
  // Otherwise, return the requested scheme and port, and the proxy transport
  return &url.URL{
  Scheme: "https",
- Host: address,
+ Host: host,
  Path: requestInfo.Path,
  }, transport, token, nil
 }

diff --git a/pkg/util/kubeconfig/kubeconfig.go b/pkg/util/kubeconfig/kubeconfig.go
@@ -25,14 +25,14 @@ import (
 )
 
 // CreateBasic creates a basic, general KubeConfig object that then can be extended
-func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config {
+func CreateBasic(host, clusterName, userName string, caCert []byte) *clientcmdapi.Config {
  // Use the cluster and the username as the context name
  contextName := fmt.Sprintf("%s@%s", userName, clusterName)
 
  return &clientcmdapi.Config{
  Clusters: map[string]*clientcmdapi.Cluster{
  clusterName: {
- Server: serverURL,
+ Server: fmt.Sprintf("https://%s", host),
  CertificateAuthorityData: caCert,
  },
  },
@@ -48,8 +48,8 @@ func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *client
 }
 
 // CreateWithCerts creates a KubeConfig object with access to the API server with client certificates
-func CreateWithCerts(serverURL, clusterName, userName string, caCert []byte, clientKey []byte, clientCert []byte) *clientcmdapi.Config {
- config := CreateBasic(serverURL, clusterName, userName, caCert)
+func CreateWithCerts(host, clusterName, userName string, caCert []byte, clientKey []byte, clientCert []byte) *clientcmdapi.Config {
+ config := CreateBasic(host, clusterName, userName, caCert)
  config.AuthInfos[userName] = &clientcmdapi.AuthInfo{
  ClientKeyData: clientKey,
  ClientCertificateData: clientCert,
@@ -58,8 +58,8 @@ func CreateWithCerts(serverURL, clusterName, userName string, caCert []byte, cli
 }
 
 // CreateWithToken creates a KubeConfig object with access to the API server with a token
-func CreateWithToken(serverURL, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config {
- config := CreateBasic(serverURL, clusterName, userName, caCert)
+func CreateWithToken(host, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config {
+ config := CreateBasic(host, clusterName, userName, caCert)
  config.AuthInfos[userName] = &clientcmdapi.AuthInfo{
  Token: token,
  }